package com.weasel.security.escape.filter;

import com.weasel.security.helper.CsrfHelper;
import com.weasel.security.helper.ShiroSecurityHelper;
import org.apache.commons.lang.StringUtils;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

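/**
 * Servlet filter that only forwards a request down the chain when it carries a valid CSRF
 * token or when its HTTP method is {@code GET}.
 *
 * <p>The token is read from the request parameter named {@link CsrfHelper#TOKEN_NAME} and
 * checked against the current session by {@code CsrfHelper.checkTokenFromSession}. Because
 * {@code GET} is let through without a token, handlers reachable via {@code GET} must not
 * change server-side state. {@code GET} is the only exempt method: {@code HEAD} and
 * {@code OPTIONS} requests are subject to the token check like any other method.
 *
 * <p>NOTE(review): this override forwards straight to the chain and does not call
 * {@code super.doFilterInternal}; whether the parent {@link XssFilter} processing still
 * applies depends on the parent class, which is not visible here. Confirm.
 *
 * <p>NOTE(review): the token comparison itself lives in {@code CsrfHelper}; confirm that it
 * treats a {@code null} token as invalid and compares in constant time.
 *
 * Created by Dylan on 2015/12/16.
 */
public class CsrfFilter extends XssFilter {

    /**
     * Forwards the request when the CSRF token is valid or the method is {@code GET};
     * otherwise answers with {@code 403 Forbidden} and does not invoke the chain.
     *
     * @param request  the incoming HTTP request; the token is read from its parameters
     * @param response the response, used to report the rejection
     * @param chain    the remaining filter chain, invoked only for accepted requests
     * @throws IOException      if the chain or the error response fails on I/O
     * @throws ServletException if the chain fails
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

        String token = request.getParameter(CsrfHelper.TOKEN_NAME);
        // Evaluated for every request, GET included, exactly as before, so any effect the
        // helper or the session lookup has is preserved.
        boolean tokenValid = CsrfHelper.checkTokenFromSession(token, ShiroSecurityHelper.getSession());

        // Whole-string match: the previous endsWith comparison also exempted any method name
        // that merely ended in "GET". Case-insensitivity is kept from the original.
        boolean exemptMethod = StringUtils.equalsIgnoreCase(request.getMethod(), "GET");

        if (tokenValid || exemptMethod) {
            chain.doFilter(request, response);
            return;
        }

        // Rejected: report it explicitly instead of returning an empty response that looks
        // like a success to the client and leaves no trace in access logs or monitoring.
        if (response instanceof HttpServletResponse && !response.isCommitted()) {
            ((HttpServletResponse) response).sendError(
                    HttpServletResponse.SC_FORBIDDEN, "Invalid or missing CSRF token");
        }
    }
}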
